add support for cybersecurity #20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Android CI | |
| on: | |
| push: | |
| branches: | |
| - android | |
| - main | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: | |
| - android | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| build-debug: | |
| name: Build Debug APK | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| cache: 'gradle' | |
| - name: Verify Java Version | |
| shell: bash | |
| run: java -version | |
| - name: Cache Gradle | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| ~/.gradle/build-cache | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', 'gradle.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Setup Android SDK | |
| uses: android-actions/setup-android@v3 | |
| - name: Grant execute permission for Gradle | |
| shell: bash | |
| run: chmod +x gradlew | |
| - name: Build Debug APK | |
| shell: bash | |
| run: ./gradlew assembleDebug --stacktrace | |
| - name: Upload Debug APK | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-debug-apk | |
| path: app/build/outputs/apk/debug/app-debug.apk | |
| if-no-files-found: error | |
| auto-release: | |
| name: Auto Release Latest Build | |
| runs-on: windows-latest | |
| needs: build-debug | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/android' || github.ref == 'refs/heads/main') | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Download Debug APK | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-debug-apk | |
| - name: Get short SHA | |
| id: sha | |
| shell: bash | |
| run: echo "short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Delete existing latest release | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release delete latest --repo ${{ github.repository }} --yes || true | |
| git push --delete origin latest || true | |
| continue-on-error: true | |
| - name: Create Latest Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: latest | |
| name: "Latest Build (${{ steps.sha.outputs.short }})" | |
| body: | | |
| 🚀 **Automated Debug Build** | |
| - **Branch:** ${{ github.ref_name }} | |
| - **Commit:** ${{ steps.sha.outputs.short }} | |
| - **Date:** ${{ github.event.head_commit.timestamp }} | |
| - **Message:** ${{ github.event.head_commit.message }} | |
| This is an automatically generated debug build from the latest commit. | |
| For signed production releases, create a version tag (e.g., `v1.0.0`). | |
| files: app-debug.apk | |
| prerelease: true | |
| draft: false | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| release: | |
| name: Publish Release (signed if secrets present) | |
| runs-on: windows-latest | |
| needs: build-debug | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| cache: 'gradle' | |
| - name: Verify Java Version | |
| shell: bash | |
| run: java -version | |
| - name: Cache Gradle | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| ~/.gradle/build-cache | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', 'gradle.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Setup Android SDK | |
| uses: android-actions/setup-android@v3 | |
| - name: Grant execute permission for Gradle | |
| shell: bash | |
| run: chmod +x gradlew | |
| - name: Decode Keystore (if secrets present) | |
| if: env.KEYSTORE_BASE64 != '' | |
| shell: bash | |
| env: | |
| KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }} | |
| run: | | |
| echo "$KEYSTORE_BASE64" | base64 --decode > my-release-key.jks | |
| - name: Build Release APK | |
| shell: bash | |
| env: | |
| KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} | |
| KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | |
| run: | | |
| ./gradlew assembleRelease --stacktrace | |
| - name: Determine APK path and signing status | |
| id: apk | |
| shell: bash | |
| run: | | |
| if [ -f app/build/outputs/apk/release/app-release.apk ]; then | |
| echo "path=app/build/outputs/apk/release/app-release.apk" >> $GITHUB_OUTPUT | |
| echo "signed=true" >> $GITHUB_OUTPUT | |
| elif [ -f app/build/outputs/apk/release/app-release-unsigned.apk ]; then | |
| echo "path=app/build/outputs/apk/release/app-release-unsigned.apk" >> $GITHUB_OUTPUT | |
| echo "signed=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "No release APK found" >&2; exit 1 | |
| fi | |
| - name: Upload Release APK artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-release-apk${{ steps.apk.outputs.signed == 'true' && '-signed' || '-unsigned' }} | |
| path: ${{ steps.apk.outputs.path }} | |
| if-no-files-found: error | |
| - name: Create GitHub Release and upload APK | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: ${{ steps.apk.outputs.path }} | |
| body: | | |
| Release APK - ${{ steps.apk.outputs.signed == 'true' && '✅ Signed' || '⚠️ Unsigned' }} | |
| To enable signed releases, add these secrets to your repository: | |
| - KEYSTORE_BASE64: Your keystore file encoded in base64 | |
| - KEYSTORE_PASSWORD: Your keystore password | |
| - KEY_PASSWORD: Your key password | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |